CVE-2025-7788

high

Published 2025-07-18 · Modified 2026-04-29

CVSS v3

8.8

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2

6.5

VIR risk

8.8

Description

A vulnerability has been found in Xuxueli xxl-job up to 3.1.1 and classified as critical. Affected by this vulnerability is the function commandJobHandler of the file src\main\java\com\xxl\job\executor\service\jobhandler\SampleXxlJob.java. The manipulation leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Predictions

Exploit likelihood

92%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cna@vuldb.com — https://github.com/xuxueli/xxl-job/issues/3750

Application impact

Vendor	Product	Versions	Fixed
xuxueli	xxl-job	`{"endIncluding":"3.1.1"}`

References

https://github.com/xuxueli/xxl-job/issues/3750
https://vuldb.com/?ctiid.316849
https://vuldb.com/?id.316849
https://vuldb.com/?submit.615758

CWEs

CWE-77 CWE-78

Verify integrity in audit chain (admin only). AS-IS.